diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2005-03-05 17:28:32 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2005-03-05 17:28:32 +0000 |
commit | bf8e6543f1466d29edffb8b22dc827cb2eda1572 (patch) | |
tree | 5651729feeb41dbf0f027aabe4b17d512e3917c3 | |
parent | 766e1af1288059a393e101264be1290cfaeb50f2 (diff) | |
download | gnutls-bf8e6543f1466d29edffb8b22dc827cb2eda1572.tar.gz |
renamed all instances of _SHA to _SHA1 to make naming more consistent and clear.
-rw-r--r-- | lib/gnutls.h.in.in | 10 | ||||
-rw-r--r-- | lib/gnutls_algorithms.c | 144 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 2 | ||||
-rw-r--r-- | lib/gnutls_hash_int.c | 12 | ||||
-rw-r--r-- | lib/gnutls_int.h | 4 | ||||
-rw-r--r-- | lib/gnutls_priority.c | 4 | ||||
-rw-r--r-- | lib/gnutls_sig.c | 4 | ||||
-rw-r--r-- | lib/gnutls_srp.c | 6 | ||||
-rw-r--r-- | lib/gnutls_state.c | 2 | ||||
-rw-r--r-- | lib/x509/crl_write.c | 4 | ||||
-rw-r--r-- | lib/x509/crq.c | 4 | ||||
-rw-r--r-- | lib/x509/pkcs12.c | 4 | ||||
-rw-r--r-- | lib/x509/privkey.c | 16 | ||||
-rw-r--r-- | lib/x509/sign.c | 2 | ||||
-rw-r--r-- | lib/x509/verify.c | 2 | ||||
-rw-r--r-- | lib/x509/x509.c | 106 | ||||
-rw-r--r-- | lib/x509/x509_write.c | 4 | ||||
-rw-r--r-- | libextra/gnutls_openssl.c | 12 | ||||
-rw-r--r-- | src/certtool.c | 23 | ||||
-rw-r--r-- | src/cli.c | 2 | ||||
-rw-r--r-- | src/common.c | 2 | ||||
-rw-r--r-- | src/serv.c | 2 | ||||
-rw-r--r-- | src/tests.c | 4 |
23 files changed, 201 insertions, 174 deletions
diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in index f1bfdb0a42..b5cf800550 100644 --- a/lib/gnutls.h.in.in +++ b/lib/gnutls.h.in.in @@ -77,14 +77,16 @@ typedef enum { GNUTLS_PARAMS_RSA_EXPORT=1, typedef enum { GNUTLS_CRD_CERTIFICATE=1, GNUTLS_CRD_ANON, GNUTLS_CRD_SRP } gnutls_credentials_type_t; +#define GNUTLS_MAC_SHA GNUTLS_MAC_SHA1 +#define GNUTLS_DIG_SHA GNUTLS_DIG_SHA1 typedef enum { GNUTLS_MAC_NULL=1, - GNUTLS_MAC_MD5, GNUTLS_MAC_SHA, GNUTLS_MAC_RMD160 + GNUTLS_MAC_MD5, GNUTLS_MAC_SHA1, GNUTLS_MAC_RMD160 } gnutls_mac_algorithm_t; /* The enumerations here should have the same value with gnutls_mac_algorithm_t. */ typedef enum { GNUTLS_DIG_NULL=1, GNUTLS_DIG_MD5, - GNUTLS_DIG_SHA, GNUTLS_DIG_RMD160 + GNUTLS_DIG_SHA1, GNUTLS_DIG_RMD160 } gnutls_digest_algorithm_t; /* exported for other gnutls headers. This is the maximum number @@ -166,7 +168,9 @@ typedef enum { GNUTLS_PK_UNKNOWN=0, GNUTLS_PK_RSA = 1, GNUTLS_PK_DSA const char *gnutls_pk_algorithm_get_name( gnutls_pk_algorithm_t algorithm); -typedef enum { GNUTLS_SIGN_UNKNOWN=0, GNUTLS_SIGN_RSA_SHA = 1, GNUTLS_SIGN_DSA_SHA, +#define GNUTLS_SIGN_RSA_SHA GNUTLS_SIGN_RSA_SHA1 +#define GNUTLS_SIGN_DSA_SHA GNUTLS_SIGN_DSA_SHA1 +typedef enum { GNUTLS_SIGN_UNKNOWN=0, GNUTLS_SIGN_RSA_SHA1 = 1, GNUTLS_SIGN_DSA_SHA1, GNUTLS_SIGN_RSA_MD5, GNUTLS_SIGN_RSA_MD2, GNUTLS_SIGN_RSA_RMD160 } gnutls_sign_algorithm_t; diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c index a643acf6df..2deb38a5a2 100644 --- a/lib/gnutls_algorithms.c +++ b/lib/gnutls_algorithms.c @@ -169,7 +169,7 @@ struct gnutls_hash_entry { typedef struct gnutls_hash_entry gnutls_hash_entry; static const gnutls_hash_entry hash_algorithms[] = { - {"SHA", OID_SHA1, GNUTLS_MAC_SHA}, + {"SHA", OID_SHA1, GNUTLS_MAC_SHA1}, {"MD5", OID_MD5, GNUTLS_MAC_MD5}, {"MD2", OID_MD2, 0/*GNUTLS_MAC_MD2*/}, {"RIPEMD160", OID_RMD160, GNUTLS_MAC_RMD160}, @@ -282,46 +282,46 @@ typedef struct { /* ANONymous cipher suites. */ -#define GNUTLS_ANON_DH_3DES_EDE_CBC_SHA { 0x00, 0x1B } +#define GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1 { 0x00, 0x1B } #define GNUTLS_ANON_DH_ARCFOUR_MD5 { 0x00, 0x18 } /* rfc3268: */ -#define GNUTLS_ANON_DH_AES_128_CBC_SHA { 0x00, 0x34 } -#define GNUTLS_ANON_DH_AES_256_CBC_SHA { 0x00, 0x3A } +#define GNUTLS_ANON_DH_AES_128_CBC_SHA1 { 0x00, 0x34 } +#define GNUTLS_ANON_DH_AES_256_CBC_SHA1 { 0x00, 0x3A } /* SRP (not in TLS 1.0) * draft-ietf-tls-srp-02: */ -#define GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA { 0x00, 0x50 } -#define GNUTLS_SRP_SHA_AES_128_CBC_SHA { 0x00, 0x53 } -#define GNUTLS_SRP_SHA_AES_256_CBC_SHA { 0x00, 0x56 } +#define GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1 { 0x00, 0x50 } +#define GNUTLS_SRP_SHA_AES_128_CBC_SHA1 { 0x00, 0x53 } +#define GNUTLS_SRP_SHA_AES_256_CBC_SHA1 { 0x00, 0x56 } -#define GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA { 0x00, 0x51 } -#define GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA { 0x00, 0x52 } +#define GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x51 } +#define GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1 { 0x00, 0x52 } -#define GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA { 0x00, 0x54 } -#define GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA { 0x00, 0x55 } +#define GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1 { 0x00, 0x54 } +#define GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1 { 0x00, 0x55 } -#define GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA { 0x00, 0x57 } -#define GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA { 0x00, 0x58 } +#define GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1 { 0x00, 0x57 } +#define GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1 { 0x00, 0x58 } /* RSA */ -#define GNUTLS_RSA_ARCFOUR_SHA { 0x00, 0x05 } +#define GNUTLS_RSA_ARCFOUR_SHA1 { 0x00, 0x05 } #define GNUTLS_RSA_ARCFOUR_MD5 { 0x00, 0x04 } -#define GNUTLS_RSA_3DES_EDE_CBC_SHA { 0x00, 0x0A } +#define GNUTLS_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x0A } #define GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5 { 0x00, 0x03 } /* rfc3268: */ -#define GNUTLS_RSA_AES_128_CBC_SHA { 0x00, 0x2F } -#define GNUTLS_RSA_AES_256_CBC_SHA { 0x00, 0x35 } +#define GNUTLS_RSA_AES_128_CBC_SHA1 { 0x00, 0x2F } +#define GNUTLS_RSA_AES_256_CBC_SHA1 { 0x00, 0x35 } /* DHE DSS */ -#define GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA { 0x00, 0x13 } +#define GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1 { 0x00, 0x13 } /* draft-ietf-tls-openpgp-keys-04: @@ -339,22 +339,22 @@ typedef struct { /* draft-ietf-tls-56-bit-ciphersuites-01: */ -#define GNUTLS_DHE_DSS_ARCFOUR_SHA { 0x00, 0x66 } +#define GNUTLS_DHE_DSS_ARCFOUR_SHA1 { 0x00, 0x66 } /* rfc3268: */ -#define GNUTLS_DHE_DSS_AES_256_CBC_SHA { 0x00, 0x38 } -#define GNUTLS_DHE_DSS_AES_128_CBC_SHA { 0x00, 0x32 } +#define GNUTLS_DHE_DSS_AES_256_CBC_SHA1 { 0x00, 0x38 } +#define GNUTLS_DHE_DSS_AES_128_CBC_SHA1 { 0x00, 0x32 } /* DHE RSA */ -#define GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA { 0x00, 0x16 } +#define GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x16 } /* rfc3268: */ -#define GNUTLS_DHE_RSA_AES_128_CBC_SHA { 0x00, 0x33 } -#define GNUTLS_DHE_RSA_AES_256_CBC_SHA { 0x00, 0x39 } +#define GNUTLS_DHE_RSA_AES_128_CBC_SHA1 { 0x00, 0x33 } +#define GNUTLS_DHE_RSA_AES_256_CBC_SHA1 { 0x00, 0x39 } #define CIPHER_SUITES_COUNT sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1 @@ -364,63 +364,63 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5, GNUTLS_SSL3), - GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_ANON_DH_3DES_EDE_CBC_SHA, + GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA, GNUTLS_SSL3), - GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_ANON_DH_AES_128_CBC_SHA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3), + GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_ANON_DH_AES_128_CBC_SHA1, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA, GNUTLS_SSL3), - GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_ANON_DH_AES_256_CBC_SHA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3), + GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_ANON_DH_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA, GNUTLS_SSL3), + GNUTLS_MAC_SHA1, GNUTLS_SSL3), /* SRP */ - GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA, + GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP, - GNUTLS_MAC_SHA, GNUTLS_TLS1), - GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_AES_128_CBC_SHA, + GNUTLS_MAC_SHA1, GNUTLS_TLS1), + GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_AES_128_CBC_SHA1, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP, - GNUTLS_MAC_SHA, GNUTLS_TLS1), - GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_AES_256_CBC_SHA, + GNUTLS_MAC_SHA1, GNUTLS_TLS1), + GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP, - GNUTLS_MAC_SHA, GNUTLS_TLS1), + GNUTLS_MAC_SHA1, GNUTLS_TLS1), - GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA, + GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS, - GNUTLS_MAC_SHA, GNUTLS_TLS1), + GNUTLS_MAC_SHA1, GNUTLS_TLS1), - GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA, + GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA, - GNUTLS_MAC_SHA, GNUTLS_TLS1), + GNUTLS_MAC_SHA1, GNUTLS_TLS1), - GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA, + GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS, - GNUTLS_MAC_SHA, GNUTLS_TLS1), + GNUTLS_MAC_SHA1, GNUTLS_TLS1), - GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA, + GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA, - GNUTLS_MAC_SHA, GNUTLS_TLS1), + GNUTLS_MAC_SHA1, GNUTLS_TLS1), - GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA, + GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS, - GNUTLS_MAC_SHA, GNUTLS_TLS1), + GNUTLS_MAC_SHA1, GNUTLS_TLS1), - GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA, + GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA, - GNUTLS_MAC_SHA, GNUTLS_TLS1), + GNUTLS_MAC_SHA1, GNUTLS_TLS1), /* DHE_DSS */ - GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_ARCFOUR_SHA, + GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_ARCFOUR_SHA1, GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA, GNUTLS_TLS1), - GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA, + GNUTLS_MAC_SHA1, GNUTLS_TLS1), + GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA, GNUTLS_SSL3), - GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3), + GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA1, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA, GNUTLS_SSL3), - GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3), + GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA, GNUTLS_SSL3), + GNUTLS_MAC_SHA1, GNUTLS_SSL3), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_3DES_EDE_CBC_RMD, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_RMD160, GNUTLS_TLS1), @@ -431,15 +431,15 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_RMD160, GNUTLS_TLS1), /* DHE_RSA */ - GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA, + GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA, GNUTLS_SSL3), - GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3), + GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA1, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA, GNUTLS_SSL3), - GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3), + GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA, GNUTLS_SSL3), + GNUTLS_MAC_SHA1, GNUTLS_SSL3), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_RSA_3DES_EDE_CBC_RMD, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_RMD160, GNUTLS_TLS1), @@ -459,21 +459,21 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_KX_RSA_EXPORT, GNUTLS_MAC_MD5, GNUTLS_SSL3), - GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_ARCFOUR_SHA, + GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_ARCFOUR_SHA1, GNUTLS_CIPHER_ARCFOUR_128, - GNUTLS_KX_RSA, GNUTLS_MAC_SHA, GNUTLS_SSL3), + GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_ARCFOUR_MD5, GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3), - GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_3DES_EDE_CBC_SHA, + GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, - GNUTLS_KX_RSA, GNUTLS_MAC_SHA, GNUTLS_SSL3), - GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_AES_128_CBC_SHA, + GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3), + GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_AES_128_CBC_SHA1, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA, GNUTLS_SSL3), - GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_AES_256_CBC_SHA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3), + GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA, GNUTLS_SSL3), + GNUTLS_MAC_SHA1, GNUTLS_SSL3), GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_RSA_3DES_EDE_CBC_RMD, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_RMD160, @@ -1425,9 +1425,9 @@ struct gnutls_sign_entry { typedef struct gnutls_sign_entry gnutls_sign_entry; static const gnutls_sign_entry sign_algorithms[] = { - {"RSA-SHA", RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA, GNUTLS_PK_RSA, GNUTLS_MAC_SHA}, + {"RSA-SHA", RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA, GNUTLS_MAC_SHA1}, {"RSA-RMD160", RSA_RMD160_OID, GNUTLS_SIGN_RSA_RMD160, GNUTLS_PK_RSA, GNUTLS_MAC_RMD160}, - {"DSA-SHA", DSA_SHA1_OID, GNUTLS_SIGN_DSA_SHA, GNUTLS_PK_DSA, GNUTLS_MAC_SHA}, + {"DSA-SHA", DSA_SHA1_OID, GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA, GNUTLS_MAC_SHA1}, {"RSA-MD5", RSA_MD5_OID, GNUTLS_SIGN_RSA_MD5, GNUTLS_PK_RSA, GNUTLS_MAC_MD5}, {"RSA-MD2", RSA_MD2_OID, GNUTLS_SIGN_RSA_MD2, GNUTLS_PK_RSA, 0/*GNUTLS_MAC_MD2*/}, {0, 0, 0, 0, 0} diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index b489159866..5e1770dd46 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -1912,7 +1912,7 @@ inline static int _gnutls_handshake_hash_init(gnutls_session_t session) if (session->internals.handshake_mac_handle_sha == NULL) { session->internals.handshake_mac_handle_sha = - _gnutls_hash_init(GNUTLS_MAC_SHA); + _gnutls_hash_init(GNUTLS_MAC_SHA1); if (session->internals.handshake_mac_handle_sha == GNUTLS_HASH_FAILED) { gnutls_assert(); diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c index 8e5dc91a4d..dfbb7aba16 100644 --- a/lib/gnutls_hash_int.c +++ b/lib/gnutls_hash_int.c @@ -44,7 +44,7 @@ GNUTLS_HASH_HANDLE _gnutls_hash_init(gnutls_mac_algorithm_t algorithm) ret->algorithm = algorithm; switch (algorithm) { - case GNUTLS_MAC_SHA: + case GNUTLS_MAC_SHA1: result = gc_hash_open(GC_SHA1, 0, &ret->handle); break; case GNUTLS_MAC_MD5: @@ -72,7 +72,7 @@ int _gnutls_hash_get_algo_len(gnutls_mac_algorithm_t algorithm) int ret; switch (algorithm) { - case GNUTLS_MAC_SHA: + case GNUTLS_MAC_SHA1: ret = gc_hash_digest_length(GC_SHA1); break; case GNUTLS_MAC_MD5: @@ -150,7 +150,7 @@ mac_hd_t _gnutls_hmac_init(gnutls_mac_algorithm_t algorithm, return GNUTLS_MAC_FAILED; switch (algorithm) { - case GNUTLS_MAC_SHA: + case GNUTLS_MAC_SHA1: result = gc_hash_open(GC_SHA1, GC_HMAC, &ret->handle); break; case GNUTLS_MAC_MD5: @@ -201,7 +201,7 @@ inline static int get_padsize(gnutls_mac_algorithm_t algorithm) switch (algorithm) { case GNUTLS_MAC_MD5: return 48; - case GNUTLS_MAC_SHA: + case GNUTLS_MAC_SHA1: return 40; default: return 0; @@ -317,7 +317,7 @@ static int ssl3_sha(int i, opaque * secret, int secret_len, text1[j] = 65 + i; /* A==65 */ } - td = _gnutls_hash_init(GNUTLS_MAC_SHA); + td = _gnutls_hash_init(GNUTLS_MAC_SHA1); if (td == NULL) { gnutls_assert(); return GNUTLS_E_HASH_FAILED; @@ -353,7 +353,7 @@ static int ssl3_md5(int i, opaque * secret, int secret_len, return ret; } - _gnutls_hash(td, tmp, _gnutls_hash_get_algo_len(GNUTLS_MAC_SHA)); + _gnutls_hash(td, tmp, _gnutls_hash_get_algo_len(GNUTLS_MAC_SHA1)); _gnutls_hash_deinit(td, digest); return 0; diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index d906bb6dba..27fa306a3a 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -192,7 +192,7 @@ typedef enum gnutls_params_type { GNUTLS_PARAMS_RSA_EXPORT = 1, } gnutls_params_type_t; typedef enum gnutls_mac_algorithm { GNUTLS_MAC_UNKNOWN = 0, - GNUTLS_MAC_NULL = 1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA, + GNUTLS_MAC_NULL = 1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA1, GNUTLS_MAC_RMD160 } gnutls_mac_algorithm_t; typedef gnutls_mac_algorithm_t gnutls_digest_algorithm_t; @@ -247,7 +247,7 @@ typedef enum gnutls_pk_algorithm { typedef enum gnutls_sign_algorithm { GNUTLS_SIGN_UNKNOWN = 0, - GNUTLS_SIGN_RSA_SHA = 1, GNUTLS_SIGN_DSA_SHA, + GNUTLS_SIGN_RSA_SHA1 = 1, GNUTLS_SIGN_DSA_SHA1, GNUTLS_SIGN_RSA_MD5, GNUTLS_SIGN_RSA_MD2, GNUTLS_SIGN_RSA_RMD160 } gnutls_sign_algorithm_t; diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c index 453aa11710..40d99b7bc8 100644 --- a/lib/gnutls_priority.c +++ b/lib/gnutls_priority.c @@ -250,7 +250,7 @@ int gnutls_set_default_priority(gnutls_session_t session) }; static const int comp_priority[] = { GNUTLS_COMP_NULL, 0 }; static const int mac_priority[] = - { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, GNUTLS_MAC_RMD160, 0 }; + { GNUTLS_MAC_SHA1, GNUTLS_MAC_MD5, GNUTLS_MAC_RMD160, 0 }; gnutls_cipher_set_priority(session, cipher_priority); gnutls_compression_set_priority(session, comp_priority); @@ -291,7 +291,7 @@ int gnutls_set_default_export_priority(gnutls_session_t session) }; static const int comp_priority[] = { GNUTLS_COMP_NULL, 0 }; static const int mac_priority[] = - { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, GNUTLS_MAC_RMD160, 0 }; + { GNUTLS_MAC_SHA1, GNUTLS_MAC_MD5, GNUTLS_MAC_RMD160, 0 }; gnutls_cipher_set_priority(session, cipher_priority); gnutls_compression_set_priority(session, comp_priority); diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c index e925b6b02e..0983ac22f2 100644 --- a/lib/gnutls_sig.c +++ b/lib/gnutls_sig.c @@ -129,7 +129,7 @@ int _gnutls_tls_sign_params(gnutls_session_t session, gnutls_cert * cert, opaque concat[36]; - td_sha = _gnutls_hash_init(GNUTLS_MAC_SHA); + td_sha = _gnutls_hash_init(GNUTLS_MAC_SHA1); if (td_sha == NULL) { gnutls_assert(); return GNUTLS_E_HASH_FAILED; @@ -384,7 +384,7 @@ int _gnutls_verify_sig_params(gnutls_session_t session, gnutls_cert * cert, return GNUTLS_E_HASH_FAILED; } - td_sha = _gnutls_hash_init(GNUTLS_MAC_SHA); + td_sha = _gnutls_hash_init(GNUTLS_MAC_SHA1); if (td_sha == NULL) { gnutls_assert(); _gnutls_hash_deinit(td_md5, NULL); diff --git a/lib/gnutls_srp.c b/lib/gnutls_srp.c index 0f70f7e4c8..f752d72b37 100644 --- a/lib/gnutls_srp.c +++ b/lib/gnutls_srp.c @@ -183,7 +183,7 @@ mpi_t _gnutls_calc_srp_u(mpi_t A, mpi_t B, mpi_t n) _gnutls_mpi_print(&holder[n_size - a_size], &a_size, A); _gnutls_mpi_print(&holder[n_size + n_size - b_size], &b_size, B); - td = _gnutls_hash_init(GNUTLS_MAC_SHA); + td = _gnutls_hash_init(GNUTLS_MAC_SHA1); if (td == NULL) { gnutls_free(holder); gnutls_assert(); @@ -285,7 +285,7 @@ int _gnutls_calc_srp_sha(const char *username, const char *password, *size = 20; - td = _gnutls_hash_init(GNUTLS_MAC_SHA); + td = _gnutls_hash_init(GNUTLS_MAC_SHA1); if (td == NULL) { return GNUTLS_E_MEMORY_ERROR; } @@ -295,7 +295,7 @@ int _gnutls_calc_srp_sha(const char *username, const char *password, _gnutls_hash_deinit(td, res); - td = _gnutls_hash_init(GNUTLS_MAC_SHA); + td = _gnutls_hash_init(GNUTLS_MAC_SHA1); if (td == NULL) { return GNUTLS_E_MEMORY_ERROR; } diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index 9cd6ff44c9..823b2ba691 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c @@ -805,7 +805,7 @@ int _gnutls_PRF(const opaque * secret, int secret_size, const char *label, } result = - _gnutls_P_hash(GNUTLS_MAC_SHA, s2, l_s, s_seed, s_seed_size, + _gnutls_P_hash(GNUTLS_MAC_SHA1, s2, l_s, s_seed, s_seed_size, total_bytes, o2); if (result < 0) { gnutls_assert(); diff --git a/lib/x509/crl_write.c b/lib/x509/crl_write.c index 7f61d8aa3d..3f6a02b41a 100644 --- a/lib/x509/crl_write.c +++ b/lib/x509/crl_write.c @@ -86,7 +86,7 @@ int gnutls_x509_crl_set_version(gnutls_x509_crl_t crl, * @crl: should contain a gnutls_x509_crl_t structure * @issuer: is the certificate of the certificate issuer * @issuer_key: holds the issuer's private key - * @dig: The message digest to use. GNUTLS_DIG_SHA is the safe choice unless you know what you're doing. + * @dig: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know what you're doing. * @flags: must be 0 * * This function will sign the CRL with the issuer's private key, and @@ -137,7 +137,7 @@ int gnutls_x509_crl_sign2(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer, int gnutls_x509_crl_sign(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer, gnutls_x509_privkey_t issuer_key) { - return gnutls_x509_crl_sign2( crl, issuer, issuer_key, GNUTLS_MAC_SHA, 0); + return gnutls_x509_crl_sign2( crl, issuer, issuer_key, GNUTLS_MAC_SHA1, 0); } /** diff --git a/lib/x509/crq.c b/lib/x509/crq.c index bbde93be19..ec3232adfc 100644 --- a/lib/x509/crq.c +++ b/lib/x509/crq.c @@ -599,7 +599,7 @@ int gnutls_x509_crq_set_challenge_password(gnutls_x509_crq_t crq, * gnutls_x509_crq_sign2 - This function will sign a Certificate request with a key * @crq: should contain a gnutls_x509_crq_t structure * @key: holds a private key - * @dig: The message digest to use. GNUTLS_DIG_SHA is the safe choice unless you know what you're doing. + * @dig: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know what you're doing. * @flags: must be 0 * * This function will sign the certificate request with a private key. @@ -672,7 +672,7 @@ int gnutls_x509_crq_sign2(gnutls_x509_crq_t crq, gnutls_x509_privkey_t key, **/ int gnutls_x509_crq_sign(gnutls_x509_crq_t crq, gnutls_x509_privkey_t key) { - return gnutls_x509_crq_sign2(crq, key, GNUTLS_MAC_SHA, 0); + return gnutls_x509_crq_sign2(crq, key, GNUTLS_MAC_SHA1, 0); } /** diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c index 4620ae5a78..177db61769 100644 --- a/lib/x509/pkcs12.c +++ b/lib/x509/pkcs12.c @@ -840,7 +840,7 @@ int gnutls_pkcs12_generate_mac(gnutls_pkcs12_t pkcs12, const char *pass) /* MAC the data */ - td1 = _gnutls_hmac_init(GNUTLS_MAC_SHA, key, sizeof(key)); + td1 = _gnutls_hmac_init(GNUTLS_MAC_SHA1, key, sizeof(key)); if (td1 == GNUTLS_MAC_FAILED) { gnutls_assert(); result = GNUTLS_E_INTERNAL_ERROR; @@ -957,7 +957,7 @@ int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12, const char *pass) /* MAC the data */ - td1 = _gnutls_hmac_init(GNUTLS_MAC_SHA, key, sizeof(key)); + td1 = _gnutls_hmac_init(GNUTLS_MAC_SHA1, key, sizeof(key)); if (td1 == GNUTLS_MAC_FAILED) { gnutls_assert(); result = GNUTLS_E_INTERNAL_ERROR; diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 3239de6c53..5e5551a98e 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -1307,7 +1307,7 @@ int gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t key, } else return GNUTLS_E_INTERNAL_ERROR; - hd = _gnutls_hash_init(GNUTLS_MAC_SHA); + hd = _gnutls_hash_init(GNUTLS_MAC_SHA1); if (hd == GNUTLS_HASH_FAILED) { gnutls_assert(); result = GNUTLS_E_INTERNAL_ERROR; @@ -1336,15 +1336,17 @@ int gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t key, * @flags: should be 0 for now * @data: holds the data to be signed * @signature: will contain the signature - * @signature_size: holds the size of signature (and will be replaced by the new size) + * @signature_size: holds the size of signature (and will be replaced + * by the new size) * - * This function will sign the given data using a signature algorithm supported by - * the private key. Signature algorithms are always used together with a hash functions. - * Different hash functions may be used for the RSA algorithm, but only - * SHA-1 for the DSA keys. + * This function will sign the given data using a signature algorithm + * supported by the private key. Signature algorithms are always used + * together with a hash functions. Different hash functions may be + * used for the RSA algorithm, but only SHA-1 for the DSA keys. * * If the buffer provided is not long enough to hold the output, then - * &signature_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will be returned. + * *signature_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will + * be returned. * * In case of failure a negative value will be returned, and * 0 on success. diff --git a/lib/x509/sign.c b/lib/x509/sign.c index 2ca23c3ed4..37c39204ef 100644 --- a/lib/x509/sign.c +++ b/lib/x509/sign.c @@ -167,7 +167,7 @@ dsa_sign(const gnutls_datum_t * text, GNUTLS_HASH_HANDLE hd; gnutls_datum_t digest; - hd = _gnutls_hash_init(GNUTLS_MAC_SHA); + hd = _gnutls_hash_init(GNUTLS_MAC_SHA1); if (hd == NULL) { gnutls_assert(); return GNUTLS_E_HASH_FAILED; diff --git a/lib/x509/verify.c b/lib/x509/verify.c index db4f627bc2..b4e5e8af9a 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -500,7 +500,7 @@ dsa_verify_sig(const gnutls_datum_t * text, gnutls_datum_t digest; GNUTLS_HASH_HANDLE hd; - hd = _gnutls_hash_init(GNUTLS_MAC_SHA); + hd = _gnutls_hash_init(GNUTLS_MAC_SHA1); if (hd == NULL) { gnutls_assert(); return GNUTLS_E_HASH_FAILED; diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 17632d8743..f42c356bca 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -228,15 +228,16 @@ int gnutls_x509_crt_import(gnutls_x509_crt_t cert, * @buf: a pointer to a structure to hold the name (may be null) * @sizeof_buf: initially holds the size of @buf * - * This function will copy the name of the Certificate issuer in the provided buffer. The name - * will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output - * string will be ASCII or UTF-8 encoded, depending on the certificate data. + * This function will copy the name of the Certificate issuer in the + * provided buffer. The name will be in the form + * "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string + * will be ASCII or UTF-8 encoded, depending on the certificate data. * * If @buf is null then only the size will be filled. * - * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough, and - * in that case the &sizeof_buf will be updated with the required size. - * On success 0 is returned. + * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not + * long enough, and in that case the *sizeof_buf will be updated with + * the required size. On success 0 is returned. * **/ int gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt_t cert, char *buf, @@ -261,20 +262,22 @@ int gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt_t cert, char *buf, * @buf: a pointer to a structure to hold the name (may be null) * @sizeof_buf: initially holds the size of @buf * - * This function will extract the part of the name of the Certificate issuer specified - * by the given OID. The output will be encoded as described in RFC2253. The output - * string will be ASCII or UTF-8 encoded, depending on the certificate data. + * This function will extract the part of the name of the Certificate + * issuer specified by the given OID. The output will be encoded as + * described in RFC2253. The output string will be ASCII or UTF-8 + * encoded, depending on the certificate data. * * Some helper macros with popular OIDs can be found in gnutls/x509.h - * If raw flag is zero, this function will only return known OIDs as text. Other OIDs - * will be DER encoded, as described in RFC2253 -- in hex format with a '\#' prefix. - * You can check about known OIDs using gnutls_x509_dn_oid_known(). + * If raw flag is zero, this function will only return known OIDs as + * text. Other OIDs will be DER encoded, as described in RFC2253 -- + * in hex format with a '\#' prefix. You can check about known OIDs + * using gnutls_x509_dn_oid_known(). * * If @buf is null then only the size will be filled. * - * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough, and - * in that case the &sizeof_buf will be updated with the required size. - * On success 0 is returned. + * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not + * long enough, and in that case the *sizeof_buf will be updated with + * the required size. On success 0 is returned. * **/ int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert, @@ -299,14 +302,14 @@ int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert, * @oid: a pointer to a buffer to hold the OID (may be null) * @sizeof_oid: initially holds the size of @oid * - * This function will extract the OIDs of the name of the Certificate issuer specified - * by the given index. + * This function will extract the OIDs of the name of the Certificate + * issuer specified by the given index. * * If @oid is null then only the size will be filled. * - * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough, and - * in that case the &sizeof_oid will be updated with the required size. - * On success 0 is returned. + * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not + * long enough, and in that case the *sizeof_oid will be updated with + * the required size. On success 0 is returned. * **/ int gnutls_x509_crt_get_issuer_dn_oid(gnutls_x509_crt_t cert, @@ -329,15 +332,16 @@ int gnutls_x509_crt_get_issuer_dn_oid(gnutls_x509_crt_t cert, * @buf: a pointer to a structure to hold the name (may be null) * @sizeof_buf: initially holds the size of @buf * - * This function will copy the name of the Certificate in the provided buffer. The name - * will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output - * string will be ASCII or UTF-8 encoded, depending on the certificate data. + * This function will copy the name of the Certificate in the + * provided buffer. The name will be in the form + * "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string + * will be ASCII or UTF-8 encoded, depending on the certificate data. * * If @buf is null then only the size will be filled. * - * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough, and - * in that case the &sizeof_buf will be updated with the required size. - * On success 0 is returned. + * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not + * long enough, and in that case the *sizeof_buf will be updated with + * the required size. On success 0 is returned. * **/ int gnutls_x509_crt_get_dn(gnutls_x509_crt_t cert, char *buf, @@ -362,20 +366,21 @@ int gnutls_x509_crt_get_dn(gnutls_x509_crt_t cert, char *buf, * @buf: a pointer to a structure to hold the name (may be null) * @sizeof_buf: initially holds the size of @buf * - * This function will extract the part of the name of the Certificate subject, specified - * by the given OID. The output - * string will be ASCII or UTF-8 encoded, depending on the certificate data. + * This function will extract the part of the name of the Certificate + * subject, specified by the given OID. The output string will be + * ASCII or UTF-8 encoded, depending on the certificate data. * * Some helper macros with popular OIDs can be found in gnutls/x509.h - * If raw flag is zero, this function will only return known OIDs as text. Other OIDs - * will be DER encoded, as described in RFC2253 -- in hex format with a '\#' prefix. - * You can check about known OIDs using gnutls_x509_dn_oid_known(). + * If raw flag is zero, this function will only return known OIDs as + * text. Other OIDs will be DER encoded, as described in RFC2253 -- + * in hex format with a '\#' prefix. You can check about known OIDs + * using gnutls_x509_dn_oid_known(). * * If @buf is null then only the size will be filled. * - * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough, and - * in that case the &sizeof_buf will be updated with the required size. - * On success 0 is returned. + * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not + * long enough, and in that case the *sizeof_buf will be updated with + * the required size. On success 0 is returned. * **/ int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, const char *oid, @@ -399,14 +404,14 @@ int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, const char *oid, * @oid: a pointer to a buffer to hold the OID (may be null) * @sizeof_oid: initially holds the size of @oid * - * This function will extract the OIDs of the name of the Certificate subject specified - * by the given index. + * This function will extract the OIDs of the name of the Certificate + * subject specified by the given index. * * If oid is null then only the size will be filled. * - * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough, and - * in that case the &sizeof_oid will be updated with the required size. - * On success 0 is returned. + * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not + * long enough, and in that case the *sizeof_oid will be updated with + * the required size. On success 0 is returned. * **/ int gnutls_x509_crt_get_dn_oid(gnutls_x509_crt_t cert, @@ -1227,9 +1232,9 @@ int _gnutls_x509_crt_get_raw_dn(gnutls_x509_crt_t cert, * * If the buffer is null then only the size will be filled. * - * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough, and - * in that case the &sizeof_buf will be updated with the required size. - * On success 0 is returned. + * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not + * long enough, and in that case the *sizeof_buf will be updated with + * the required size. On success 0 is returned. * **/ int gnutls_x509_crt_get_fingerprint(gnutls_x509_crt_t cert, @@ -1381,7 +1386,7 @@ int gnutls_x509_crt_get_key_id(gnutls_x509_crt_t crt, unsigned int flags, } else return GNUTLS_E_INTERNAL_ERROR; - hd = _gnutls_hash_init(GNUTLS_MAC_SHA); + hd = _gnutls_hash_init(GNUTLS_MAC_SHA1); if (hd == GNUTLS_HASH_FAILED) { gnutls_assert(); result = GNUTLS_E_INTERNAL_ERROR; @@ -1671,15 +1676,16 @@ int gnutls_x509_crt_get_crl_dist_points(gnutls_x509_crt_t cert, * @oid: a pointer to a buffer to hold the OID (may be null) * @sizeof_oid: initially holds the size of @oid * - * This function will extract the key purpose OIDs of the Certificate specified - * by the given index. These are stored in the Extended Key Usage extension (2.5.29.37) - * See the GNUTLS_KP_* definitions for human readable names. + * This function will extract the key purpose OIDs of the Certificate + * specified by the given index. These are stored in the Extended Key + * Usage extension (2.5.29.37) See the GNUTLS_KP_* definitions for + * human readable names. * * If @oid is null then only the size will be filled. * - * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough, and - * in that case the &sizeof_oid will be updated with the required size. - * On success 0 is returned. + * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not + * long enough, and in that case the *sizeof_oid will be updated with + * the required size. On success 0 is returned. * **/ int gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t cert, diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c index 3cb5ce7565..4c303183da 100644 --- a/lib/x509/x509_write.c +++ b/lib/x509/x509_write.c @@ -386,7 +386,7 @@ int gnutls_x509_crt_set_subject_alternative_name(gnutls_x509_crt_t crt, * @crt: should contain a gnutls_x509_crt_t structure * @issuer: is the certificate of the certificate issuer * @issuer_key: holds the issuer's private key - * @dig: The message digest to use. GNUTLS_DIG_SHA is the safe choice unless you know what you're doing. + * @dig: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know what you're doing. * @flags: must be 0 * * This function will sign the certificate with the issuer's private key, and @@ -437,7 +437,7 @@ int gnutls_x509_crt_sign2(gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer, int gnutls_x509_crt_sign(gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer, gnutls_x509_privkey_t issuer_key) { - return gnutls_x509_crt_sign2( crt, issuer, issuer_key, GNUTLS_MAC_SHA, 0); + return gnutls_x509_crt_sign2( crt, issuer, issuer_key, GNUTLS_MAC_SHA1, 0); } /** diff --git a/libextra/gnutls_openssl.c b/libextra/gnutls_openssl.c index 2bfbb4b37e..f67979ab27 100644 --- a/libextra/gnutls_openssl.c +++ b/libextra/gnutls_openssl.c @@ -497,7 +497,7 @@ SSL_METHOD *SSLv23_client_method(void) m->kx_priority[2] = GNUTLS_KX_DHE_DSS; m->kx_priority[3] = 0; - m->mac_priority[0] = GNUTLS_MAC_SHA; + m->mac_priority[0] = GNUTLS_MAC_SHA1; m->mac_priority[1] = GNUTLS_MAC_MD5; m->mac_priority[2] = 0; @@ -532,7 +532,7 @@ SSL_METHOD *SSLv23_server_method(void) m->kx_priority[2] = GNUTLS_KX_DHE_DSS; m->kx_priority[3] = 0; - m->mac_priority[0] = GNUTLS_MAC_SHA; + m->mac_priority[0] = GNUTLS_MAC_SHA1; m->mac_priority[1] = GNUTLS_MAC_MD5; m->mac_priority[2] = 0; @@ -564,7 +564,7 @@ SSL_METHOD *SSLv3_client_method(void) m->kx_priority[2] = GNUTLS_KX_DHE_DSS; m->kx_priority[3] = 0; - m->mac_priority[0] = GNUTLS_MAC_SHA; + m->mac_priority[0] = GNUTLS_MAC_SHA1; m->mac_priority[1] = GNUTLS_MAC_MD5; m->mac_priority[2] = 0; @@ -596,7 +596,7 @@ SSL_METHOD *SSLv3_server_method(void) m->kx_priority[2] = GNUTLS_KX_DHE_DSS; m->kx_priority[3] = 0; - m->mac_priority[0] = GNUTLS_MAC_SHA; + m->mac_priority[0] = GNUTLS_MAC_SHA1; m->mac_priority[1] = GNUTLS_MAC_MD5; m->mac_priority[2] = 0; @@ -630,7 +630,7 @@ SSL_METHOD *TLSv1_client_method(void) m->kx_priority[2] = GNUTLS_KX_DHE_DSS; m->kx_priority[3] = 0; - m->mac_priority[0] = GNUTLS_MAC_SHA; + m->mac_priority[0] = GNUTLS_MAC_SHA1; m->mac_priority[1] = GNUTLS_MAC_MD5; m->mac_priority[2] = 0; @@ -664,7 +664,7 @@ SSL_METHOD *TLSv1_server_method(void) m->kx_priority[2] = GNUTLS_KX_DHE_DSS; m->kx_priority[3] = 0; - m->mac_priority[0] = GNUTLS_MAC_SHA; + m->mac_priority[0] = GNUTLS_MAC_SHA1; m->mac_priority[1] = GNUTLS_MAC_MD5; m->mac_priority[2] = 0; diff --git a/src/certtool.c b/src/certtool.c index cf407f6134..8c24f97063 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -69,7 +69,7 @@ FILE *outfile; FILE *infile; static int in_cert_format; static int out_cert_format; -gnutls_digest_algorithm_t dig = GNUTLS_DIG_SHA; +gnutls_digest_algorithm_t dig = GNUTLS_DIG_SHA1; #define UNKNOWN "Unknown" @@ -813,7 +813,7 @@ void gaa_parser(int argc, char **argv) fprintf(stderr, "Warning: MD5 is broken, and should not be used any more for digital signatures.\n"); dig = GNUTLS_DIG_MD5; } else if (strcasecmp(info.hash, "sha1")==0) - dig = GNUTLS_DIG_SHA; + dig = GNUTLS_DIG_SHA1; else if (strcasecmp(info.hash, "rmd160")==0) dig = GNUTLS_DIG_RMD160; else fprintf(stderr, "Unsupported hash algorithm '%s'. Using the default.\n", info.hash); @@ -1323,7 +1323,7 @@ static void print_certificate_info(gnutls_x509_crt crt, FILE * out, if (all) { size = sizeof(buffer); if ((ret = - gnutls_x509_crt_get_fingerprint(crt, GNUTLS_DIG_SHA, buffer, + gnutls_x509_crt_get_fingerprint(crt, GNUTLS_DIG_MD5, buffer, &size)) < 0) { fprintf(out, "Error in fingerprint calculation: %s\n", gnutls_strerror(ret)); @@ -1333,8 +1333,23 @@ static void print_certificate_info(gnutls_x509_crt crt, FILE * out, sprintf(print, "%.2x ", (unsigned char) buffer[i]); print += 3; } - fprintf(out, "\tFingerprint: %s\n", printable); + fprintf(out, "\tMD5 Fingerprint: %s\n", printable); } + + if ((ret = + gnutls_x509_crt_get_fingerprint(crt, GNUTLS_DIG_SHA1, buffer, + &size)) < 0) { + fprintf(out, "Error in fingerprint calculation: %s\n", + gnutls_strerror(ret)); + } else { + print = printable; + for (i = 0; i < size; i++) { + sprintf(print, "%.2x ", (unsigned char) buffer[i]); + print += 3; + } + fprintf(out, "\tSHA1 Fingerprint: %s\n", printable); + } + } size = sizeof(buffer); @@ -97,7 +97,7 @@ int cipher_priority[PRI_MAX] = }; int comp_priority[PRI_MAX] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 }; int mac_priority[PRI_MAX] = - { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, GNUTLS_MAC_RMD160, 0 }; + { GNUTLS_MAC_SHA1, GNUTLS_MAC_MD5, GNUTLS_MAC_RMD160, 0 }; int cert_type_priority[PRI_MAX] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 }; diff --git a/src/common.c b/src/common.c index ad073330bb..aa8011752f 100644 --- a/src/common.c +++ b/src/common.c @@ -648,7 +648,7 @@ void parse_macs(char **macs, int nmacs, int *mac_priority) else if (strncasecmp(macs[i], "RMD", 3) == 0) mac_priority[j++] = GNUTLS_MAC_RMD160; else if (strncasecmp(macs[i], "SHA", 3) == 0) - mac_priority[j++] = GNUTLS_MAC_SHA; + mac_priority[j++] = GNUTLS_MAC_SHA1; else fprintf(stderr, "Unknown MAC: '%s'\n", macs[i]); } diff --git a/src/serv.c b/src/serv.c index 15839f3aed..6bae28c342 100644 --- a/src/serv.c +++ b/src/serv.c @@ -279,7 +279,7 @@ int cipher_priority[PRI_MAX] = int comp_priority[PRI_MAX] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_LZO, GNUTLS_COMP_NULL, 0 }; int mac_priority[PRI_MAX] = - { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, GNUTLS_MAC_RMD160, 0 }; + { GNUTLS_MAC_SHA1, GNUTLS_MAC_MD5, GNUTLS_MAC_RMD160, 0 }; int cert_type_priority[PRI_MAX] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 }; diff --git a/src/tests.c b/src/tests.c index 29d4fd447e..85e5f5f82e 100644 --- a/src/tests.c +++ b/src/tests.c @@ -108,7 +108,7 @@ static const int cipher_priority[16] = GNUTLS_CIPHER_ARCFOUR_40, 0 }; static const int comp_priority[16] = { GNUTLS_COMP_NULL, 0 }; -static const int mac_priority[16] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 }; +static const int mac_priority[16] = { GNUTLS_MAC_SHA1, GNUTLS_MAC_MD5, 0 }; static const int cert_type_priority[16] = { GNUTLS_CRT_X509, 0 }; #define ADD_ALL_CIPHERS(session) gnutls_cipher_set_priority(session, cipher_priority) @@ -612,7 +612,7 @@ test_code_t test_sha(gnutls_session session) ADD_ALL_COMP(session); ADD_ALL_CERTTYPES(session); ADD_ALL_PROTOCOLS(session); - ADD_MAC(session, GNUTLS_MAC_SHA); + ADD_MAC(session, GNUTLS_MAC_SHA1); ADD_ALL_KX(session); gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); |